KukiBot
Get started
DocsGDPR & complianceGenerate a compliance report for regulators

Generate a compliance report for regulators

A printable audit trail of all consent records. Free on all plans.

💡GDPR Article 7(1) requires you to be able to demonstrate that consent was obtained. The compliance report is your proof — keep a copy whenever you receive a regulator inquiry.

Why you need this report

Under GDPR, the burden of proof is on you — if a Data Protection Authority (DPA) investigates your site, you must show that visitors gave valid consent before tracking started. The KukiBot compliance report gives you exactly that: a timestamped, signed record of every consent decision.

What the report contains

  • 📋 Legal basis statement — references GDPR Article 7(1) and describes how consent was collected
  • 📊 Summary statistics — total consents, accept rate, reject rate, custom preference decisions
  • 🔍 Full consent log — for every record:
    • Visitor ID (anonymous UUID — not personal data)
    • Decision: accept-all / reject-all / custom
    • Categories consented to (analytics, marketing, preferences)
    • IP address
    • User agent (browser)
    • Timestamp (UTC)
  • 🌐 Site information — domain, site ID, report period

How to generate the report

  1. Go to your dashboard and open any site
  2. Scroll to the Consent log section
  3. Click Compliance report
  4. Optionally set a date range (leave blank for all records)
  5. To save as PDF: press Cmd+P (Mac) or Ctrl+P (Windows) → Save as PDF
  6. To export data: click Download CSV — opens in Excel, Google Sheets, or any spreadsheet tool
⚠️Export your consent records periodically as a backup. If you delete a site from KukiBot, its consent records are also deleted.

Agency bulk export

On Agency and Max plans, you can download a combined CSV for all your sites at once from the Analytics dashboardDownload bulk CSV. Useful for quarterly compliance reporting across a portfolio of client sites.

Frequently asked questions

Is this report accepted by EU data protection authorities?

The report contains all data required by GDPR Article 7(1). Most DPAs — including CNIL (France), ICO (UK), and Datenschutzbehörde (Austria) — accept this format. For high-stakes situations or formal investigations, we recommend having a GDPR specialist review your setup.

What if a visitor claims they never consented?

The consent log shows the exact record for their visitor ID, including the timestamp and decision. The visitor ID is stored as a first-party cookie on their browser — if they cleared cookies, they would have been shown the banner again and a new record created.

What is the visitor ID — is it personal data?

No. It's an anonymous UUID stored in a first-party cookie (_kukibot_vid). It identifies the consent decision, not the person. It cannot be used to identify an individual. This is compliant with GDPR.

Is the compliance report free?

Yes — available on all plans including free. This is one of the features most competitors charge extra for.

Next steps

← Back to all docsWas this helpful? Email us →